Rogue:W32/Renos

Classification

Malware

Rogue

W32

Rogue:W32/Renos, Trojan.Renos, Trojan-Downloader:W32/renos.gen!c

Summary

Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Manual Disinfection

In certain circumstances, F-Secure Anti-Virus may not be able to automatically remove files; the user must manually select the correct disinfection action before the antivirus program will proceed.

If a file detected as not-virus:Hoax.Win32.Renos is an executable with a DLL or EXE extension, and is located in Windows, Windows System or in a root folder of C: drive, this file can be safely deleted or renamed.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

For more Support

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Rogue:W32/Renos is program that displays annoying fake security warnings. The aim of this software is to trick a computer user to download third-party cleaning utilities, usually anti-spyware scanners.

Installation

The Renos executable file is usually dropped by malicious websites onto the computer system. It may also be delivered in the payload of a trojan.

Typically when a Renos' executable file is run, it drops a DLL file into Windows System folder and registers it as a system component. The DLL is the main Renos component.

Activity

When active, Renos shows a blinking icon in System Tray and periodically (actually quite often to be annoying) shows a fake security warning:

When a user clicks on this alert, his web browser is redirected to a website that offers a cleaning utility (usually anti-adware) for download.